Diff

mod_http_upload/mod_http_upload.lua @ 4443:0a56dc6c61af

mod_http_upload: Add access config option
author Nicolas Cedilnik <nicoco@nicoco.fr>
date Tue, 16 Feb 2021 21:29:27 +0100
parent 4076:f1f796e551f1
child 4610:342664061c9b
line wrap: on
line diff
--- a/mod_http_upload/mod_http_upload.lua	Tue Feb 16 19:16:21 2021 +0100
+++ b/mod_http_upload/mod_http_upload.lua	Tue Feb 16 21:29:27 2021 +0100
@@ -20,6 +20,7 @@
 local httpserver = require "net.http.server";
 local have_id, id = pcall(require, "util.id"); -- Only available in 0.10+
 local uuid = require"util.uuid".generate;
+local jid = require "util.jid";
 if have_id then
 	uuid = id.medium;
 end
@@ -32,6 +33,7 @@
 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB
 local quota = module:get_option_number(module.name .. "_quota");
 local max_age = module:get_option_number(module.name .. "_expire_after");
+local access = module:get_option_set(module.name .. "_access", {});
 
 --- sanity
 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024);
@@ -169,8 +171,12 @@
 
 local function handle_request(origin, stanza, xmlns, filename, filesize)
 	local username, host = origin.username, origin.host;
-	-- local clients only
-	if origin.type ~= "c2s" then
+
+	local user_bare = jid.bare(stanza.attr.from);
+	local user_host = jid.host(user_bare);
+
+	-- local clients or whitelisted jids/hosts only
+	if not (origin.type == "c2s" or access:contains(user_bare) or access:contains(user_host)) then
 		module:log("debug", "Request for upload slot from a %s", origin.type);
 		return nil, st.error_reply(stanza, "cancel", "not-authorized");
 	end